General
-
Target
1bba40cd593bed2b1f35529f02a1bc01.exe
-
Size
4.2MB
-
Sample
241219-h55cxavjfy
-
MD5
1bba40cd593bed2b1f35529f02a1bc01
-
SHA1
a0d27bf89c1d0ef1da317b101d134dd83a326fd9
-
SHA256
0c9d197700bb3c5a707382a110a0466daa05c6d44793a60248c69c1784b02237
-
SHA512
f75b3e7ea9751b2e3f02d90de33f46cee91a2c464d2e32072dc3ca5aef85cd3e46be44e87ac1201b3b9fe08ba015522d9094869347afe2809b30a3bc0c57182d
-
SSDEEP
98304:gJf2TI4C0z0dAvtBgn2TRd5LWA9XZTO+NpL6714GxCZ9Zi9Qv/71C:4eTNC20S7gnKhWA9XZa4Gxq9Zi9Q5C
Static task
static1
Behavioral task
behavioral1
Sample
1bba40cd593bed2b1f35529f02a1bc01.exe
Resource
win7-20240708-en
Malware Config
Extracted
cryptbot
Targets
-
-
Target
1bba40cd593bed2b1f35529f02a1bc01.exe
-
Size
4.2MB
-
MD5
1bba40cd593bed2b1f35529f02a1bc01
-
SHA1
a0d27bf89c1d0ef1da317b101d134dd83a326fd9
-
SHA256
0c9d197700bb3c5a707382a110a0466daa05c6d44793a60248c69c1784b02237
-
SHA512
f75b3e7ea9751b2e3f02d90de33f46cee91a2c464d2e32072dc3ca5aef85cd3e46be44e87ac1201b3b9fe08ba015522d9094869347afe2809b30a3bc0c57182d
-
SSDEEP
98304:gJf2TI4C0z0dAvtBgn2TRd5LWA9XZTO+NpL6714GxCZ9Zi9Qv/71C:4eTNC20S7gnKhWA9XZa4Gxq9Zi9Q5C
-
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-